Setting up multiple IPs

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

testing123

Regular Contributor
I have 4 static IPs on my cox account. I've set it up thusly:

Modem --> 5 port netgear unmanaged ethernet switch --> then off to the various routers for each static IP.

The problem is that I can only get internet to two of the "nodes".

All cables ring out fine (and were working before I set this up). The routers are configured correctly. Oddly, even if I plug in directly to the switch with a laptop, no internet (even though two of my 'nodes' [machines] are getting internet fine).

Is the above setup the right way to handle this?

Thanks for any help.
 

Tech9

Very Senior Member
Why do you want 4 different external IP addresses and completely separate networks with different routers?
 

testing123

Regular Contributor
To separate NWs. I know...I can use VLANs, but I'm using static IPs.

Additional info:

For the nodes not working, if I plug into one of the working NW's routers, I get internet. One of the working routers is the same router I'm using on the non-working nodes, and are configured the same (except for the LAN IP addresses).

I can reach and configure the router from the "no internet" machine.
 

Tech9

Very Senior Member
To separate NWs.

You only make it more difficult to manage with unnecessary extra Wi-Fi interference. Four routers with 4 different networks is similar to 4 families living in the same house, all of them with personal issues and not talking to each other. I have no idea what Cox offers, for what reason and what ISP device they provide. Someone else may help you to create even bigger issue than the one you currently have. I would have completely different approach.
 

testing123

Regular Contributor
You only make it more difficult to manage with unnecessary extra Wi-Fi interference. Four routers with 4 different networks is similar to 4 families living in the same house, all of them with personal issues and not talking to each other. I have no idea what Cox offers, for what reason and what ISP device they provide. Someone else may help you to create even bigger issue than the one you currently have. I would have completely different approach.
The two routers that work have wireless enabled (I'll call them R1 & R2) and are within feet of each other. Only one router (R3 - not working) sits in the same spot, but wireless isn't enabled for that one. The 4th router (R4) is 60' away. The wireless hasn't been an issue in the past with the subnets I had set up (using the same routers, except for the X86U). This doesn't seem like a wireless problem. Even when I plug the machine from R3 directly into the "modem switch" (bypassing router), no internet.

I understand there are other, probably better ways to handle this, but I'd like to see this through.
 

Tech9

Very Senior Member
I'm sorry, in general I avoid giving advice when I believe the whole idea is wrong and will create more issues than benefits. I don't know what Cox is and how the external static IPs work with their equipment. I have available 2x IPv4 external IPs on my modem/router; it has 4x LAN ports, but only 2 can be used for IPv4 external IPs in bridged modem mode, for example. Someone else will help you.
 

testing123

Regular Contributor
I'm sorry, in general I avoid giving advice when I believe the whole idea is wrong and will create more issues than benefits. I don't know what Cox is and how the external static IPs work with their equipment. I have available 2x IPv4 external IPs on my modem/router; it has 4x LAN ports, but only 2 can be used for IPv4 external IPs in bridged modem mode, for example. Someone else will help you.
You may be right. What problems do you believe could occur? I just called Cox and asked if my issues could be due to a tech or Cox limitation of the multiple IP addresses, but she refused to answer other than it's an IT problem.
 

Tech9

Very Senior Member
You don't need external static IPs to separate devices on your internal network. Share what's the idea, what do you want to separate, what do you need to have access to, what hardware do you have available and we may continue this conversation. Obviously, you're not willing to replace your entire network with VLAN capable hardware, so list what you already have and we may find a better solution with minimum added cost. I expect other folks to join when we know what we are talking about.
 

testing123

Regular Contributor
Thanks for the help. Since I last posted, I've come to the conclusion that the limitation is on the IP side. To illustrate (and this also gives an idea of what I want to isolate):

R(outer)1: main PC, used for customer database, invoicing and any other business activities with the exception of accounting. I also mostly use this for most my computing purposes...browsing, purchases, research, forums, etc.

R2: IP Security cameras

R3: Accounting...QB, Quicken.

R4: personal - includes wireless stuff (including business cell phones, thermostats, tablets). The wireless stuff isn't an issue, since I can easily isolate them from the rest of the network. But I do need a router for a PC or other devices at that end.

So, for the illustration:

R1 and R2 are the first routers I set up and are working fine. No other routers I plug in will work, not even if I plug them directly to the modem or the modem switch.

Laying around, I have approximately 5 WRT54GL routers, 3 or 4 TP-Link WR940N routers, an Asus RT-N66U and the new RT-AX86U. The only ones in use at present are the 86U and a WR940N. All routers work except for one of the WRTs.

I tried all of the "out of use" routers in other end of the bldg. Not one of them worked. Then I connected the Security Cam router in that location. Bingo. Internet.

My conclusion is that my IP limits me to just two routers directly connected to the given static IP. This assumption dictates that my IP is somehow registering the routers in order to impose the limit.

I'll place my "needs" in the next post.
 

testing123

Regular Contributor
I mentioned that I have four static IPs on my account. Frankly, I thought it would be easier to use static IPs to isolate than the numerous subnets I was using before. Also, I now know that the subnets weren't truly isolated. Given my comments above, I think I can do what I want with only 2 static IPs and a few subnet routers, although I'll have to get up to speed on how to actually isolate them (if they can be isolated). So the following is what I hope to accomplish (yes, I know this may be overkill). R1 and R2 would be used as they are now:

R1: As is, main PC
R2: IP security cams. I need this to be isolated in order to access them from the internet (I'm not doing so now...they are strictly LAN, recorded to an 8TB HDD in a dedicated PC).
R3: This machine is only used every week or two for a few hours at a time. I suppose I could use R1, but I''d feel much better if I could isolate it. Subnet?
R4: (far end of bldg): I could live with a subnet here, if it can be isolated. Subnet?

After which, I want to address WAN security. That may mean buying and researching configuration of one of the NetGate appliances discussed in the other thread.

I recognize that some of my requirements may be over the top, also that I might should have addressed WAN security first. I'm into my busy season at present (non-tech related) and having to address this as time permits (and even when it doesn't). I also have to build another PC for my Accounting Machine, since QB 2018 expires at the end of may. My current Acct machine is Win 7. QB 2021 requires Win10 to install.

Again, thanks for your help.
 

Tech9

Very Senior Member
This is an entire new network project, but in short what I think about it:

- you'll need to do that WAN security x4
- your IP cams access from Internet doesn't require isolation
- you'll cut your own access to different parts of the network
- Linksys routers are good for technology museums
- TP-Link routers are limited to Fast Ethernet and wireless N
- your only capable router is AX86U
- your devices behind own routers will have to communicate with each other over Internet
- no chance for central/easy management

Since you're interested in pfSense, see one example configuration below. It may give you better ideas how to proceed:

 

testing123

Regular Contributor
This is an entire new network project, but in short what I think about it:

- you'll need to do that WAN security x4
- your IP cams access from Internet doesn't require isolation
- you'll cut your own access to different parts of the network
- Linksys routers are good for technology museums
- TP-Link routers are limited to Fast Ethernet and wireless N
- your only capable router is AX86U
- your devices behind own routers will have to communicate with each other over Internet
- no chance for central/easy management

Since you're interested in pfSense, see one example configuration below. It may give you better ideas how to proceed:


- you'll need to do that WAN security x4

Wouldn't that be covered when (if) I finally get educated on setting up netgate/pfsense? Also, I plan on dropping two of the static IPs. If pfsense comes into play, I can always drop the other 'additional' static, leaving one.

- your IP cams access from Internet doesn't require isolation

I thought that IP cams were easily hacked...I assumed that hacking them might present access to the NW?

- you'll cut your own access to different parts of the network
- your devices behind own routers will have to communicate with each other over Internet

This isn't an issue. I don't really need that kind of access. With the exception of the far end of the bldg, the other machines are within arms reach in my office, and the need is limited anyway. When I do need to transfer files, I use a flash drive.

- your only capable router is AX86U

I agree, but the only system in which speed is important is R1, which is using the x86u.

Thanks for the pfsense link. I've bookmarked it. Someone (maybe you) mentioned Lawrence systems in my other thread that I'll check out too (already have 'perused' on of his vids). It's Greek to me at present.
 

Tech9

Very Senior Member
Using available routers (if the ISP is <100Mbps), with no much networking knowledge required. Add Wi-Fi where needed.

Code:
                PC Main            PC Acct            PC remote
               
                    |                |                |
               
                WR940N            WR940N            WR940N
                192.168.2.1       192.168.3.1       192.168.4.1
               
                        \            |            /

ISP Modem Router    ->    ASUS RT-AX86U Main Router
                                192.168.1.1
                               
                                    |
                               
                                IP Cameras
                                192.168.1.2

What it does:
- All devices connected to WR940N routers have access to AX86U and IP Cameras
- All devices connected to individual WR940N routers have no access to other WR940N
- IP Cameras (DVR) and devices connected to AX86U have no access to any WR940N
 

testing123

Regular Contributor
Thanks for taking the time to make the diagram, and your explanation of what it does is very helpful too. That's actually pretty close to what I had set up before, using subnets, although with the recent 'purge', I eliminated a few of the 'nodes' and removed the WRTs out of service. Also, my main PC was connected to the N66u (was in the position of the 86U on your diagram). But I do have a few questions:

First, my modem doesn't include a 'router' per se. In fact, through this process, I discovered that although the modem (SB8200) has two jacks, I can only use one at a time.

1. Right now, I get between 80-90 mbps on my main pc connected to the 86U if I'm not running my vpn. Will I lose speed going through the 940N?

2. Up to this point, I've set up the IP cams to be LAN only, assuming that they were a weak link that could be exploited. The way you've drawn this...does it completely isolate the IPs from hacking/exploiting the NW or other nodes?
 

Tech9

Very Senior Member
First, my modem doesn't include a 'router' per se.

Modem only is what you need. AX86U will get the external IP from your ISP DHCP. Single external IP is used.

1. Right now, I get between 80-90 mbps on my main pc connected to the 86U if I'm not running my vpn. Will I lose speed going through the 940N?

WR940N has 100Mbps LAN ports and it can do 90Mbps wired. VPN speed won't be affected.

I've set up the IP cams to be LAN only, assuming that they were a weak link that could be exploited.

Imaginary hacker guy has to go through AX86U's firewall and AiProtection first, if the hacking happens over Internet. Your NVR must have protection against attacks over camera network. If someone manages to go through AX86U/DVR, he has to hack individual WR940Rs firewalls to get to your PCs. You're perhaps too concerned about unlikely to happen events.
 

testing123

Regular Contributor
Modem only is what you need. AX86U will get the external IP from your ISP DHCP. Single external IP is used.



WR940N has 100Mbps LAN ports and it can do 90Mbps wired. VPN speed won't be affected.



Imaginary hacker guy has to go through AX86U's firewall and AiProtection first, if the hacking happens over Internet. Your NVR must have protection against attacks over camera network. If someone manages to go through AX86U/DVR, he has to hack individual WR940Rs firewalls to get to your PCs. You're perhaps too concerned about unlikely to happen events.

Thanks for your concise and easy to understand explanations. As to the bolded, that's me. :)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top